EPSS
Percentile
44.4%
privacyIDEA is vulnerable to denial of service (DoS) attacks. The library does not properly validate the user parameter, allowing a malicious user to pass a HTTP request with an empty user parameter to quickly trigger the 10 attempt limit lock out.
github.com/privacyidea/privacyidea/commit/a3edc09beffa2104f357fe24971ea3211ce40751
github.com/privacyidea/privacyidea/issues/1227